USM Anywhere follows a specific order for applying orchestration rules:
- Filtering rules: These rules are essential to control the traffic of your events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.. USM Anywhere does not process nor save events that match a filtering rule.
- Suppression rules: USM Anywhere saves the events that match a suppression rule, but does not correlate these suppressed events. By default, USM Anywhere hides these suppressed events. If you want to see these events, click Suppressed in the Search & Filters area. The table displays suppressed events along with all events.
See To only display the suppressed events if you want to display just the suppressed events.
- Notification, alarm, and response action rules: USM Anywhere processes and correlates all events that match one of these rules.
This diagram summarizes the workflow of orchestration rules: